Michael StJohns wrote on 2020-01-15 17:28:
... I think it's a co-existence issue here. I don't think you should
have two different (calculation-wise) ZONEMD-like RRSets in the same
zone for the reasons you've mentioned. I don't think that reserving RR
types is the right way of doing things and I'm not sure how you'd write
the IANA guidance to cover the later assignment of those type numbers.
It's possible that we can tweak this a bit and get around the problem.
So maybe:
1 byte - Scheme - 1 == SIMPLE
Which has a body of
1 byte - digest - 1 == SHA384, a
followed by N bytes of the appropriate digest length.
And either "Only one Scheme shall be used per zone. A receiver shall
consider a zone containing multiple schemes as invalid for the purposes
of this document", or "The SIMPLE scheme shall exclude any ZONEMD RR
of a non-SIMPLE scheme from the digest calculation for the SIMPLE
scheme", or "ZONEMD digest calculations for any scheme shall only include
ZONEMD RRs with matching schemes - no placeholder records for non-scheme
ZONEMD RRs shall be added to the calculation".
I think the last of these three is probably the right approach.
+1.
--
P Vixie
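
The RDATA layout and the first and third coexistence options from the quoted proposal, as an added example that is not part of the original thread or of any ZONEMD implementation. The function names and the scheme-2 record are hypothetical; the 48-byte length is the SHA-384 output size.

```python
SCHEME_SIMPLE = 1                  # "1 == SIMPLE" in the message
DIGEST_SHA384 = 1                  # "1 == SHA384" in the message
DIGEST_LEN = {DIGEST_SHA384: 48}   # SHA-384 output is 48 bytes


def parse_zonemd(rdata: bytes):
    """Split RDATA into (scheme, digest_type, digest) per the sketched layout.

    Only the SIMPLE body is defined in the message, so the body of any other
    scheme is returned unparsed as (scheme, None, body).
    """
    if len(rdata) < 1:
        raise ValueError("empty RDATA")
    scheme, body = rdata[0], rdata[1:]
    if scheme != SCHEME_SIMPLE:
        return scheme, None, body
    if len(body) < 1:
        raise ValueError("SIMPLE body lacks digest type")
    digest_type, digest = body[0], body[1:]
    want = DIGEST_LEN.get(digest_type)
    if want is None:
        raise ValueError(f"unknown digest type {digest_type}")
    if len(digest) != want:
        raise ValueError(f"digest is {len(digest)} bytes, expected {want}")
    return scheme, digest_type, digest


def single_scheme_or_invalid(rdatas):
    """First option: a zone carrying more than one scheme is invalid."""
    schemes = {r[0] for r in rdatas if r}
    if len(schemes) > 1:
        raise ValueError(f"multiple schemes in zone: {sorted(schemes)}")
    return schemes.pop() if schemes else None


def records_for_scheme(rdatas, scheme):
    """Third option: only ZONEMD RRs of the matching scheme take part in that
    scheme's digest calculation; others are dropped, with no placeholder."""
    return [r for r in rdatas if r and r[0] == scheme]


# Constructed sample RDATA: one SIMPLE/SHA384 record and one record of a
# hypothetical scheme 2 whose body is opaque here.
SIMPLE_RR = bytes([SCHEME_SIMPLE, DIGEST_SHA384]) + bytes(48)
OTHER_RR = bytes([2]) + b"\xaa" * 20
ZONE_ZONEMD = [SIMPLE_RR, OTHER_RR]
```

With the sample zone, the first option rejects the zone outright, while the third lets a SIMPLE verifier proceed using only `SIMPLE_RR`.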